Why does abuse handling take so long?

Leo Bicknell bicknell at ufp.org
Sun Mar 13 23:21:47 UTC 2011


In a message written on Sun, Mar 13, 2011 at 12:45:04PM +0100, Alexander Maassen wrote:
> Why oh why are ISPs and hosters so ignorant in dealing with such issues
> and act like they do not care?

One of the things you have to remember is that ISPs get a ton of
reports, and most of them are of very low quality.  Abuse queues
are full of people who sign up for a properly run mailing list and
then a year or two later mail abuse to get taken off saying it's now
spam.  Or folks who misconfigure their firewall / IDS and send in
reports of being DDOSed, by a nameserver, to which they are sending
queries and then flagging the responses as an "attack".  There are
a lot of reports that don't include either the source or destination
IP, or leave out any time information.

Worst of all, there are the automated reports where someone has a
different opinion than the law, or even reality.  They create systems
to basically DDOS abuse@, by reporting every case they can find
individually when in fact the "spammer" is doing things legally and
properly.

Of course it varies greatly ISP to ISP, depends on customer mix,
time of the day, time of the year and all sorts of other factors.
Still, there are times when I would say less than 1 in 50 e-mails
received to abuse@ is something that is a complete report and
actionable.  Keep that in mind, along with what others have pointed
out, that there is generally no "profit" in handling abuse.

Quite frankly, most ISPs aren't going to take your DDOS report
seriously via e-mail.  If it's not bad enough to you that it is
worth your time and money to make a phone call and help them track
it down, it is not worth their time and money to track it down and
make it stop.

In short, try picking up the phone.  You'll bypass the entire e-mail
reporting cesspool I just described, and show the ISP you actually
care.  9 out of 10 times they will respond by showing they care as
well.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/